Deploy a Java Applet with Security Permission in HTML
I am having an extremely difficult time getting this to work.
The applet is embedded on my web page and it is trying to connect to a Java Servlet here.
On some computers it connects fine, on others I get a can not connect error, which I believe is caused by java security permissions.
Custom 1: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve)
java.security.AccessControlException: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789)
at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773)
at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I have signed the jar file, yet it still doesn't fix the issue. Here is how I generated the key file and signed the jar.
keytool -genkey -alias cal -keystore keys -keypass #### -dname "cn=feldman" -storepass ####
jarsigner -keystore keys -storepass #### -keypass #### -signedjar CalSigned.jar Cal.jar cal
Here is how I am embedding it into the html page:
<script src="http://java.com/js/deployJava.js"></script>
<script>
var attributes = {code:'Calendar_Algorithm.class',
archive:'Cal39.jar',
width:150, height:50,
id:"ClientApp",
name:"ClientApp"
} ;
var parameters = {fontSize:16} ;
var version = '1.6' ;
deployJava.runApplet(attributes, parameters, version);
</script>
I also tried doing a jnlp file, and I could not even get that to start the jar, here is my jnlp file content:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.5+" codebase="" href="">
<security>
<all-permissions/>
</security>
<information>
<title>Easy Course Selector</title>
<vendor>Group Boba</vendor>
<homepage href="index.html"/>
<description>Easy Course Selector</description>
<description kind="short">Easy Course Selector</description>
<icon href="mouseguard-small-jpg3.jpg"/>
</information>
<resources>
<j2se version="1.5+" href="http://java.sun.com/products/autodl/j2se" />
<jar href="Cal.jar" main="true" download="eager" />
</resources>
<applet-desc name="EasyCourse Applet" main-class="Calendar_Algorithm.class" width="200" height="50">
</applet-desc>
<update check="background"/>
</jnlp>
And the embed code
<script>
var attributes = {id:"ClientApp", name:"ClientApp", code:'Calendar_Algorithm', width:150, height:50} ;
var parameters = {jnlp_href: 'Cal_Info.jnlp'} ;
deployJava.runApplet(attributes, parameters, '1.6');
</script>
This is the error log of when I use it to connect to the external server:
java.security.AccessControlException: access denied (java.net.SocketPermission 184.91.186.5:8080 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.Applet2SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789)
at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773)
at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Any help would be amazing.
Also here is the code that causes the error:
class Con implements PrivilegedExceptionAction<Boolean> {
private final String text;
boolean res;
public Con(String t) {
text=t;
}
public Boolean run() {
res=send_courses_to_server();
return res;
}
public boolean send_courses_to_server(){
try {
URL url = new URL(server);
HttpURLConnection con;
con=(HttpURLConnection) url.openConnection();
con.setRequestProperty("Content-type", "text/xml; charset=UTF-8");
con.setRequestMethod("POST");
con.setDoOutput(true);
con.setDoInput(true);
OutputStream out = con.getOutputStream();
Writer writer = new OutputStreamWriter(out, "UTF-8");
String xml="";
writer.write("<Request>\n" +"<Request_Type>Validation_2</Request_Type>\n");
xml="<Request>\n" +"<Request_Type>Validation_2</Request_Type>\n";
Scanner in=new Scanner(text);
while(in.hasNext()){
String temp=in.nextLine().trim();
writer.write("<Course>"+temp+"</Course>\n");
xml=xml+"<Course>"+temp+"</Course>\n";
}
writer.write("</Request>\n");
xml=xml+"</Request>\n";
writer.flush();
writer.close();
InputStream is= con.getInputStream();
if(con.getContentType().equals("text/xml")){
status_message= new Scanner(is).nextLine();
return false;
}
else{
return set_courses(is);
}
} catch (Exception e){
e.printStackTrace();
status_message= "Custom 1: "+e.getMessage();
return false;
}
}
private boolean set_courses(InputStream is){
courses=new Vector<Course>();
try {
ObjectInputStream ois=new ObjectInputStream(is);
Course c;
while(true){
try{
c=(Course)ois.readObject();
courses.add(c);
}catch(EOFException e){
break;
}
}
ois.close();
} catch (Exception e){
status_message= "Custom 3 "+e.getMessage();
return false;
}
status_message="Good";
return true;
}
}
Now, with the stack trace we can see the reason a bit better.
...
at Calendar_Algorithm$Con.send_courses_to_server(Calendar_Algorithm.java:789)
at Calendar_Algorithm$Con.run(Calendar_Algorithm.java:773)
at Calendar_Algorithm.send_courses_to_server(Calendar_Algorithm.java:761)
...
at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
...
You are using JavaScript to invoke a method of your applet, it seems. The send_courses_to_server method of your Calendar_Algorithm class is invoked from JavaScript, and invokes directly the run method of your Con inner class. This means that your code runs with (only) the permissions of the outer JavaScript, not with the permissions of your applet.
The Con class extends PrivilegedExceptionAction, but this alone is not enough to give privileged execution. You must also wrap this in a call to AccessController.doPrivileged(...) (here give your Con object).
Then the method will be called with the privileges given to your applet by signing. (Of course, you should check before that this call is legitimate and does nothing evil.)
Here I suppose your signing works, I did not check this, as I'm normally working with unsigned applets. By the way, if your applet comes from the same server as the servlet is on, this connection should not need any signing.
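The fix described in this answer, as an added example that is not the asker's or the answerer's code: the method JavaScript calls validates its argument, then hands the Con action to AccessController.doPrivileged. The class name, the SERVER URL, the course-code pattern and the isValid helper are assumptions made for illustration.

```java
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.regex.Pattern;

public class PrivilegedSendExample {
    // Assumption: fixed endpoint baked into the signed jar, never supplied by the page.
    private static final String SERVER = "http://servlet.example.invalid:8080/courses";
    // Assumption: a course line is a short alphanumeric code.
    private static final Pattern COURSE = Pattern.compile("[A-Za-z0-9 ]{1,32}");

    /** Called from page JavaScript via LiveConnect, so the argument is untrusted. */
    public boolean send_courses_to_server(String text) {
        if (!isValid(text)) return false;          // check before raising privileges
        try {
            // The permission check stops at this signed frame, not at the JavaScript caller.
            return AccessController.doPrivileged(new Con(text));
        } catch (PrivilegedActionException e) {
            e.getException().printStackTrace();    // the checked exception thrown by run()
            return false;
        }
    }

    static boolean isValid(String text) {
        if (text == null || text.length() > 2048) return false;
        String[] lines = text.split("\\r?\\n");
        if (lines.length == 0 || lines.length > 50) return false;
        for (String l : lines) if (!COURSE.matcher(l.trim()).matches()) return false;
        return true;
    }
    // Only the network call runs inside the privileged action.
    private static final class Con implements PrivilegedExceptionAction<Boolean> {
        private final String text;
        Con(String text) { this.text = text; }
        public Boolean run() throws Exception {
            HttpURLConnection con = (HttpURLConnection) new URL(SERVER).openConnection();
            con.setRequestMethod("POST");
            con.setRequestProperty("Content-type", "text/xml; charset=UTF-8");
            con.setDoOutput(true);
            Writer w = new OutputStreamWriter(con.getOutputStream(), "UTF-8");
            w.write("<Request>\n<Request_Type>Validation_2</Request_Type>\n");
            for (String l : text.split("\\r?\\n")) w.write("<Course>" + l.trim() + "</Course>\n");
            w.write("</Request>\n");
            w.close();
            return con.getResponseCode() == HttpURLConnection.HTTP_OK;
        }
    }
}
```

On current JDKs AccessController is deprecated for removal (JEP 411), so this pattern applies to the plug-in era runtime the question targets.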